Control and regulatory compliance

Regulatory compliance is a second line activity. It is good practice for internal audit to provide assurance over the activities of second line functions. However, in some organisations internal audit may be required to provide compliance assurance in relation to first line activities.

Regulation is a vast, wide-ranging topic.   

The guidance and resources on this page should be treated as a starting point for your learning journey.


Main IPPF links

Core Principles 

3. Is objective and free from undue influence (independent).
7. Communicates effectively.
8. Provides risk-based assurance.
9. Is insightful, proactive, and future-focused.
10. Promotes organisational improvement.


2050 Coordination and reliance | Implementation guidance
2130 Control | Implementation guidance



Chartered IIA
IIA Global
Auditing the control environment  

Data protection including GDPR

Chartered IIA
Data protection
Key changes in the new GDPR
GDPR as BAU: processes in place?
Data breach incidents and response plans
IIA Global  
Tips for auditing data privacy
Data ethics


Chartered IIA
Anti-money laundering
Bribery Act 2010
Bribery Act: adequate procedures
Deprivation of Liberty Safeguards
Digital accessibility regulations
Gender pay
Health and safety
Corporate killing
Human rights reporting
IR35
IR35 - Inclusion of private sector
Modern Slavery Act 2015
Slavery and human trafficking
Prompt payment code
Safeguarding
IIA Global  
Human Trafficking and Slavery  

Additional resources 

Codes of practice | financial services, private and third sector


Chartered IIA Position Papers

Internal audit and corrupt practices

Content reviewed: 28 February 2022